The DNS is a strategic infrastructure, since all internet services for companies, associations and public organisations depend on it. Implementing DNSSEC allows you to secure this key infrastructure.
Description and aims of the training course
This training course will enable you to protect your customers and your own infrastructures against any security problems that might penalise your activities. You will learn how to deploy this delicate extention that require advanced technical knowledge and a rigorous exploitation.
You will be able to:
- Assess the benefits of DNSSEC before deploying it in your environment
- Acquire the knowledge needed for a successful DNSSEC extension configuration
- Operate a resolver (Unbound) to validate responses with DNSSEC
- Build a DNSSEC infrastructure with OpenDNSSEC and manage the keys and BIND to serve the signed zones
Registrars, DNS hosts, professionals of security and the DNS.
- Knowledge of the basics of the DNS
- Familiarity with the UNIX operating system and the TCP/IP network protocols
- At least one year’s experience in the domain name administration business
Stéphane Bortzmeyer, DNS expert & R&D Engineer, Afnic
The training course is given online via our video conferencing tool.
The link to connect will be sent to you once your registration is finalized.
Practical exercises will be carried out throughout the course to help assimilate the methods and concepts presented.
€1,600 excl. tax per participant
For group enrolment, please contact us for a quotation.
DIRECTTE declaration number: 11788446878
Our experts can adapt to your needs and design a custom training course.
If you are a Registrar and a DNS host, DNSSEC adoption for the .fr zone is one of our priorities. Contact us for a personalised session.Contact us for a personalised quotation
Day 1 – Morning: Reminder of the basics
- Functioning of the DNS
- Security of the DNS and associated risks
- Contributions of DNSSEC
Day 1 – Afternoon: Presentation of DNSSEC
- Keys and DNSKEY records
- Signing of records
- Secure delegation
- Proof of non-existence: NSEC and NSEC3 records
Day 2 – Morning: DNSSEC in practice
- Protocol details
- DO bit and transport (EDNS)
- Problems associated with firewalls
- Creation of a zone signed manually
- Validation using Unbound
- Verifying with DIG and DELV
- Identifying the causes of a problem
- Performing tests with Zonemaster and DNSVIZ
- Delegation of a zone
- Renewal of keys
Day 2 – Afternoon: Practical exercises and feedback
- Creation of a signed zone with OpenDNSSEC
- DNSSEC feedback
- In the root zone
- For Top-Level Domains
- Ordinary zones signed
- Storage of keys and HSMs
- Frequently encountered operational problems
Upcoming training sessions
June 6 & 7, 2024
If anyone participating in the training course has a disability, please contact us on +33 (0)1 39 30 83 59 so we can make suitable arrangements.
Last updated on 29th November 2023